In my previous blogs I have outlined how the Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow Frame-managed workload VMs to be connected to an existing private network. Recent addition of Frame Remoting Protocol (FRP) 8 has adjusted some of the ports and protocols used for workload connectivity. In this blog, I will update how the Frame Streaming Gateway Appliance (SGA) interacts with the new FRP8 networking environment.
The Nutanix® Frame® Desktop-as-a-Service (DaaS) solution that allows administrators to create pools of non-persistent desktops and applications for use by internal and external users. When used on one of the public cloud infrastructures – AWS®, Azure® or GCP® clouds – this service can scale out very quickly and increase an organization's capacity to support a variety of use cases
One use case provides applications for training or tradeshow/conference demonstration purposes on a temporary basis.This use case could become important to close all the active sessions on a Frame account to allow deprovisioning of the cloud resources. This blog will step you through how the Frame admin API can be used to accomplish this objective via a PowerShell script.
Nutanix Frame® Desktop-as-a-Service (DaaS) has long supported private network workloads via the implementation of a Streaming Gateway Appliance (SGA). On public cloud infrastructure, this capability can be automatically deployed upon account creation. As a part of this process, the Frame platform creates a Network Address Translation (NAT) Gateway to ensure that the workloads have a way to communicate back to the Frame control plane residing on the Internet. When deployed, this NAT GW does not provide network administrators the ability to control or restrict the outbound web traffic of the workloads. By combining an autodeployed SGA with Amazon® Web Service's (AWS) Network Firewall solution, a network administrator can get fine grained control of the outbound web traffic for Frame-managed workloads and still allow them to contact the Frame control plane. This blog will demonstrate how this can be done.
Frame® Desktop-as-a-Service (DaaS) provides a detailed scheduling capability to ensure that Frame accounts are able to deliver just-in-time production capacity while minimizing the additional cost of having idle cloud capacity. However, Frame does not currently have the built-in feature to alert administrators when an existing production pool is running out of provisioned capacity. This might lead to users not being able to connect to a session because all of the VMs in the production pool are in use at a moment in time. This blog will demonstrate how the Frame Admin API can be used to monitor the actual number of concurrent sessions and send a message to a Slack® channel when the number of active sessions reaches a certain percentage of the provisioned capacity of a Frame production pool.
Nutanix's Frame® desktop-as-a-service, with its ability to deliver virtual desktops and applications on non-persistent virtual machines, is a key part of the security posture of many customers. When combined with Frame application mode, which eliminates the Windows® Desktop and focuses the end user on a single set of published applications, Frame provides enterprises with a secure way to deliver Windows applications and not lose control of the underlying data. As a part of our Enterprise Profiles capability, Nutanix released a feature that allows Frame administrators to further secure their Frame environment by forcing users with Enterprise Profiles to be logged in as a non-administrative local Windows user. Recently, this feature has been turned into a setting that can be applied to any Frame account that is not using the Frame Domain Join feature.
The Nutanix Frame™ Platform records session and audit log information on what actions users and administrators are doing in the Frame Desktop-as-a-Service (DaaS). This session and audit log information is available for download from the Frame Console. Enterprises often want to combine this session and audit event data with information from other sources within their Security Information and Event Management (SIEM) solution in order to obtain a more comprehensive view of what is occurring in their enterprise. In this blog, we will demonstrate how Frame Admin API can be used within a PowerShell script to retrieve audit data from Frame and insert it into the Splunk® event manager, one of the more popular SIEM's on the market.
Nutanix Frame™ Desktop as a Service (DaaS) solution supports multiple networking models. One of the more popular networking models for enterprises is the Frame Private networking model. This model allows the Frame workload VMs to have private IP addresses on the enterprise private network and access private networking resources and it is the simplest way to inherit existing network security processes.
However, remote users still need a way to connect to these private networks. The traditional way of implementing this access is to deploy a VPN, but that requires implementing and maintaining software on the user endpoint devices and VPN connections can overload security products like firewalls.
Frame offers a Streaming Gateway Appliance (SGA) to meet this need, but some enterprises may wish to take advantage of the “security as a service” model offered by Zscaler, Inc. Zscaler offers a “DMZ as a service” solution that can provide DMZ type functionality without the complication involved in many DMZ deployments. The Zscaler® service maintains many certifications required by government agencies and it meets the rigorous standards required by the most security conscious organizations.
In this blog you will learn how Zscaler Private Access (ZPA) and Frame DaaS can work together to provide a remote access solution to a private cloud with a simplified administrative model while maintaining a high level of security.
As enterprises continue to expand their IT footprint into the public clouds, extending existing private networking infrastructure into the public cloud has become more critical. To address the flexibility that this requires, Nutanix has added a Bring Your Own (BYO) Networking feature to its Frame™ Desktop-as-a-Service (DaaS) solution. In a previous blog, I walked through how to use this feature in the AWS® platform. In this blog, I will walk you through how an environment could be set up in an Azure® cloud infrastructure. Integration between your Frame-managed workloads with an actual private network depends on the specific implementation of your private network.
In my previous blog, I outlined how the Nutanix Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow it to be connected to an existing private network. In that post, I deployed a RDP bastion server so that I could access those private Frame workloads from an internet based machine since I had no private network.
In this blog, I will demonstrate how the Frame automated Streaming Gateway Appliance (SGA) deployment capability can be used to grant internet access to those same private workloads so that I no longer need the RDP bastion server to access the private network.
As enterprises continue to expand their IT footprint into the public clouds, extending existing private networking infrastructure into the cloud has become more critical. To address the flexibility that this requires, Nutanix has added a Bring Your Own (BYO) Networking feature to its Frame® Desktop-as-a-Service (DaaS) solution. In this blog, I walk you through how a test environment could be set up in an AWS® infrastructure to familiarize a Frame administrator with how this feature works. Integration into an actual private network depends on the specific implementation of that network.
BYO networking is useful when an enterprise wants to grant external or temporary access to internal resources. By leveraging a public cloud service like AWS, an enterprise can “rent” public-facing computing resources and grant users access to files or software anywhere in the world. It can also be used as “surge capacity” to grant more full-term employees access to what they need to perform their jobs, but are denied access to physical locations where the private network has been deployed.
You can find details on the network requirements for using Frame in a BYO networking scenario at Public Cloud with Private Networking.